Tag: Windows Server

Local Session Manager
Little TipsNetworkingRDS - Remote Desktop ConnectionWindows Server Tips

How To Find Out All Remote Desktop Logon Sessions That Took Place On Windows Server 2012 R2

The first time I used these logs is when I was running an audit to figure out whether a specific user has recently accessed my server using Remote Desktop Connection.

In order to identify who has recently had a full session remotely running on your server, you: look at the events located at these two places:

Event Viewer > Application and Service logs > Microsoft > Windows > TerminalServices – Local SessionManager > Operational

and

Event Viewer > Application and Service logs > Microsoft > Windows > TerminalServices – RemoteConnectionManager > Operational

To have any events logged in here, you have to at least have these things in place:

  • You must be running the Windows Feature AppServer (Terminal Services Application Server)
  • The specified logs must be enabled.

With these conditions in place, these logs show give you the user names and computer names of all Remote Desktop sessions that have taken place between your computer and other client devices for a certain duration of time. Of course the length of the log depends on the properties you have set for the logs (e.g. Enabled logging, Maximum log size, what to do when maximum event log size is reached, etc.).

Please note that these logs can also be used to diagnose and troubleshoot RDS sessions that disconnect in an apparently random way.

One other place you can check is your Event Viewer > Windows Logs > Security which should have audit log of successful and failed logons if you had activated the “Audit logon events” in Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy snap-in.

Finally, a rather simple way you can go about it is by using the command line as an administrator and typing the following command (more about it at the Windows Command Line reference below):

net user  username | findstr /B /C:"Last logon"

Do you know of any other ways to achieve this audit? Please let us know in the comment section.

Some other useful resources include:

Advertisements
NetworkingWindows Server Tips

Can’t Find Server in Network

You have installed Windows Server 2008 R2, you have installed the application you want to make available to multiple endpoints on your LAN (Local Area Network), and you have even created your Share on the server. Good!

Then comes the time to setup the endpoints or client computers that will consume your application, but there is one problem, Ma’am/Sir! You cannot find the Share on the network. In fact, you cannot even find your server on the network!! What do you do?

You go to your Services on the server and enable the service named Computer Browser. This service is disabled by default. So, turn it on and you are good to go! Go check on the endpoints’ list of network devices on your LAN and you should see your server there. If you do not, please leave a comment here.

Some external help here from the people at Websense:

1.Make sure that Windows Network File Sharing is enabled.
  a.Go to Start > Network > Network and Sharing Center.
  b.In the Sharing and Discovery section, set File Sharing to On.
2.Go to Control Panel > Administrative Tools > Services.
3.Double-click Computer Browser to open the Properties dialog box.
4.Set the Startup type to Automatic.
5.Click Start.
6.Click OK to save your changes and close the Services dialog box.

And from the people at Microsoft Technet.